Thought of the Week: Improve the standard of your DevSecOps operation with SonarCloud


Date 29 June 2026

Author Team Capacitas

Setting and maintaining development standards is essential to creating reusable and sustainable code. Implementing automated code analysis tools helps to do so conveniently and effectively across multiple project domains.

SonarCloud is one of the best ways of doing so. It is a cloud-based code quality and security service that lets you define custom quality requirements for your code alongside the generic ones that come as standard with the service.

General monitored metrics include:

  • Code Duplication
  • Complexity Levels
  • Security Vulnerabilities
  • Coverage

Additionally, you can define quality gates (a set of measure-based Boolean conditions) to create a customised standard for each deployment. This allows the DevSecOps team to identify bugs and inconsistencies within seconds of the deployment.

You will save a lot of time and pain for both you and your client, as nothing will be deployed to production without passing all quality gate requirements.
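As an added illustration (not SonarCloud's own code), the following Python models a quality gate as exactly that: a set of measure-based Boolean conditions that a build must satisfy before it may be deployed. The metric keys mirror the names SonarCloud uses for coverage, duplication, vulnerabilities and complexity, but the gate thresholds and the two sets of build measures are constructed assumptions.

```python
"""Quality gate = a set of measure-based Boolean conditions.

Added illustration, not SonarCloud's own code. Metric keys mirror SonarCloud's
names; the thresholds and the sample build measures below are constructed.
"""
import operator
from dataclasses import dataclass

# Comparison applied as:  measure <op> threshold
OPS = {
    "<": operator.lt,
    "<=": operator.le,
    ">": operator.gt,
    ">=": operator.ge,
    "==": operator.eq,
}


@dataclass(frozen=True)
class Condition:
    metric: str
    op: str
    threshold: float

    def passes(self, measures):
        # A measure the analysis did not produce counts as a failure (fail closed),
        # so a broken or skipped analysis step cannot wave a build through.
        if self.metric not in measures:
            return False
        return OPS[self.op](measures[self.metric], self.threshold)


# Constructed gate reflecting the metric classes listed above (assumed thresholds).
DEFAULT_GATE = (
    Condition("coverage", ">=", 80.0),
    Condition("duplicated_lines_density", "<=", 3.0),
    Condition("vulnerabilities", "==", 0),
    Condition("cognitive_complexity", "<=", 15),
)


def evaluate_gate(measures, gate=DEFAULT_GATE):
    """Return (passed, failed_conditions); passed is True only if every condition holds."""
    failed = [c for c in gate if not c.passes(measures)]
    return (not failed, failed)


def should_deploy(measures, gate=DEFAULT_GATE):
    """The pipeline decision: deploy only when the whole gate passes."""
    passed, _ = evaluate_gate(measures, gate)
    return passed


# Constructed measures for two builds.
GOOD_BUILD = {"coverage": 85.0, "duplicated_lines_density": 1.2,
              "vulnerabilities": 0, "cognitive_complexity": 9}
BAD_BUILD = {"coverage": 62.5, "duplicated_lines_density": 4.8,
             "vulnerabilities": 2, "cognitive_complexity": 9}

if __name__ == "__main__":
    for name, build in (("good", GOOD_BUILD), ("bad", BAD_BUILD)):
        passed, failed = evaluate_gate(build)
        print(f"{name}: {'PASS' if passed else 'FAIL'}",
              [f"{c.metric} {c.op} {c.threshold}" for c in failed])
```

The gate is deliberately all-or-nothing: one failed condition blocks the deployment, and a metric that is absent from the report is treated as a failure rather than silently ignored.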

During the first implementation of SonarCloud with one of our clients, we identified a version conflict in the code missed by the development team. In doing so, we averted the deployment of an AWS infrastructure that wouldn’t have been able to deploy the container required by the client.

Examples of security vulnerabilities SonarCloud has detected soon after being introduced include committed hard-coded passwords: SonarCloud analyses the code for instances where passwords are hard-coded in the source itself, a common mistake that can lead to security breaches. It can also detect weak hash algorithms used within the code, which make it easier for attackers to access sensitive data.

Another issue SonarCloud has flagged is security keys inadvertently pushed to GitHub, potentially exposing them to unauthorised access. By detecting and highlighting these types of vulnerabilities, SonarCloud helps developers proactively address security concerns and strengthen the overall security of their applications.
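To make the three issue classes from the last two paragraphs concrete (hard-coded passwords, weak hash algorithms, and key material committed to source), here is a deliberately small scanner in Python. It is an added illustration and not SonarCloud's rule engine: the regular expressions are simplified assumptions, and the sample source file it scans is constructed.

```python
"""Minimal source scanner for hard-coded credentials, weak hashes and pasted keys.

Added illustration, not SonarCloud's rules. Patterns are simplified assumptions
and the sample file is constructed.
"""
import re

# A string literal assigned to a password/secret/key/token-like name.
SECRET_ASSIGN = re.compile(
    r"""(?i)(pass(word)?|pwd|secret|api[_-]?key|access[_-]?key|token)\w*\s*[:=]\s*["'][^"']{4,}["']"""
)
# Constructor calls for digests considered weak for security purposes.
WEAK_HASH = re.compile(r"\b(hashlib\.)?(md5|sha1)\s*\(", re.IGNORECASE)
# PEM private-key header pasted into source.
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def scan_source(text):
    """Return a list of (line_number, finding_kind) for the given source text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue  # commented-out code is skipped to reduce noise
        if SECRET_ASSIGN.search(line):
            findings.append((lineno, "hard-coded-credential"))
        if WEAK_HASH.search(line):
            findings.append((lineno, "weak-hash"))
        if PRIVATE_KEY.search(line):
            findings.append((lineno, "private-key-in-source"))
    return findings


# Constructed sample file: lines 2, 4 and 6 should be flagged; 3 and 5 are the safe forms.
SAMPLE = '''\
import hashlib, os
DB_PASSWORD = "hunter2hunter2"
api_key = os.environ["API_KEY"]
digest = hashlib.md5(data).hexdigest()
safe = hashlib.sha256(data).hexdigest()
KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIE...constructed placeholder...
-----END RSA PRIVATE KEY-----"""
'''

if __name__ == "__main__":
    for lineno, kind in scan_source(SAMPLE):
        print(f"line {lineno}: {kind}")
```

Lines 3 and 5 of the sample show the shapes a reviewer wants to see instead: the secret read from the environment rather than written into the file, and a SHA-256 digest in place of MD5. A real analyser adds data-flow tracking so that a password passed through a variable is still caught; the point here is only what the two rule families look for.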

All in all, having a powerful tool such as SonarCloud integrated into your CI/CD pipeline is essential to maintaining and improving the standard of DevSecOps you implement on every project.


If you would like to find out more about our cloud services, please reach out to us via contact@capacitas.co.uk or through our website at www.capacitas.co.uk

About the Author

Alistair Masawi is one of Capacitas' consultants experienced in working with public sector and SaaS clients. Alistair specialises in DevSecOps and automated performance testing engagements.
